https://github.com/openssl/openssl/pull/215 Closing ticket.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=3616
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
On Monday 26 January 2015 10:03:30 Brian Smith wrote:
Hubert Kario hka...@redhat.com wrote:
Actually it does not introduce it as OpenSSL does send the notification as
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
On Sunday 30 November 2014 20:36:20 Richard Moore wrote:
That
New pull request based on top of current master with minor fixes:
https://github.com/openssl/openssl/pull/215
--
Regards,
Hubert Kario
Hubert Kario hka...@redhat.com wrote:
Actually it does not introduce it as OpenSSL does send the notification as
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
On Sunday 30 November 2014 20:36:20 Richard Moore wrote:
That would introduce security issues such as the TLS renegotiation
Actually it does not introduce it as OpenSSL does send the notification as
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
The skip is also placed in t1_lib.c after the handle for RI (Renegotiation
Info), so renegotiation is performed using the secure protocol.
And while it would be nice
since some TLS1.0 servers are extension intolerant, it is necessary to
not advertise any extensions to be able to connect to them.
This patch implements command line options as well as SSL_CONF_cmd()
options to disable sending TLS extensions completely
https://github.com/openssl/openssl/pull/198
That would introduce security issues such as the TLS renegotiation flaw.
Surely a better solution is to make servers that pretend to support TLS but
actually only support SSL3 die a horrible death?
Rich.
On 30 November 2014 at 20:18, Hubert Kario via RT r...@openssl.org wrote:
since some
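Added example, not code from the thread, the pull request or OpenSSL: it illustrates the point made in the reply above, that a ClientHello with no extensions at all can still signal RFC 5746 secure renegotiation through the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value. The helper names build_client_hello and renegotiation_signal are hypothetical, and the sample messages are constructed.

```python
import struct

SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)

def build_client_hello(suites, extensions=None):
    """Constructed sample input: a TLS 1.0 ClientHello handshake message.
    extensions=None leaves the extensions block out entirely."""
    body = b"\x03\x01" + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # one compression method: null
    if extensions is not None:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def renegotiation_signal(msg):
    """Return (signals, has_extensions) for one ClientHello handshake message."""
    try:
        if msg[0] != 1:
            raise ValueError("not a ClientHello")
        end = 4 + int.from_bytes(msg[1:4], "big")
        if end > len(msg):
            raise ValueError("truncated ClientHello")
        pos = 4 + 2 + 32                      # header, client_version, random
        pos += 1 + msg[pos]                   # session_id
        (n,) = struct.unpack_from("!H", msg, pos)
        suites = struct.unpack_from("!%dH" % (n // 2), msg, pos + 2)
        pos += 2 + n
        pos += 1 + msg[pos]                   # compression_methods
        signals = {"scsv"} if SCSV in suites else set()
        has_ext = pos < end                   # any bytes left are the extensions block
        if has_ext:
            (ext_len,) = struct.unpack_from("!H", msg, pos)
            pos, ext_end = pos + 2, min(pos + 2 + ext_len, end)
            while pos + 4 <= ext_end:
                ext_type, length = struct.unpack_from("!HH", msg, pos)
                if ext_type == EXT_RENEG_INFO:
                    signals.add("extension")
                pos += 4 + length
        return signals, has_ext
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None

if __name__ == "__main__":
    legacy = build_client_hello([0x002F, SCSV])  # no extensions, SCSV only
    print(renegotiation_signal(legacy))
```

A hello for which the function returns an empty signal set is the case Richard Moore's objection would apply to: no extensions and no SCSV, so the server sees no RFC 5746 indication.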